The Social Security Administration’s internal watchdog is investigating a complaint that alleges a former U.S. DOGE Service employee claimed he had access to two highly sensitive agency databases and planned to share the information with his private employer — a claim that, if true, would constitute an unprecedented breach of security protocols at an agency that serves more than 70 million Americans.
The agency’s inspector general is investigating the disclosure and has alerted members of Congress of its existence, according to a letter by the acting inspector general to top members of four congressional committees reviewed by The Washington Post and two people familiar with the process, who spoke on the condition of anonymity to describe sensitive deliberations. The inspector general’s office has also shared the disclosure with the Government Accountability Office, which has been conducting its own audit of DOGE’s access to data, according to one of the people. The Post has reviewed the complaint and spoken with the whistleblower, who issued the complaint anonymously for fear of retaliation.
According to the disclosure, the former DOGE software engineer, who worked at the Social Security Administration last year before starting a job at a government contractor in October, allegedly told several co-workers that he possessed two tightly restricted databases of U.S. citizens’ information, and had at least one on a thumb drive. The databases, called “Numident” and the “Master Death File,” include records for more than 500 million living and dead Americans, including Social Security numbers, places and dates of birth, citizenship, race and ethnicity, and parents’ names. The complaint does not include specific dates of when he is said to have told colleagues this information, but at least one of the alleged events unfolded around early January, according to the complaint. While working at DOGE, the engineer had approved access to Social Security data.
According to the complaint, he allegedly told the whistleblower that he needed help transferring data from a thumb drive “to his personal computer so that he could ‘sanitize’ the data before using it at [the company.]” The engineer told colleagues that once he had removed personal details from the data, he wanted to upload it into the company’s systems. He told another colleague, who refused to help him upload the data because of legal concerns, that he expected to receive a presidential pardon if his actions were deemed to be illegal, according to the complaint.
The complaint does not allege that the engineer was successful in uploading the data to the company’s system.
The Post is not naming the former DOGE member or company because it has not independently confirmed the accusations in the complaint.
The whistleblower filed the complaint with the inspector general in January. When The Post contacted the agency and the company in January, both said they had not heard of the complaint. Both said they subsequently looked into the allegations and did not find evidence to confirm the claims. The company said it had conducted a “thorough” two-day internal investigation and concluded the assertions were unsubstantiated. Reached this week, both declined further comment.
A lawyer who represents the former DOGE member told The Post he denied all alleged wrongdoing.
The complaint alleges that after leaving government employment, the former DOGE member told colleagues he had a thumb drive with Social Security data and had kept his agency computer and credentials, which he allegedly said carried largely unrestricted “God-level” security access to the agency’s systems — a level of access no other company employee had been granted in its work with SSA.
The agency has historically limited access to sensitive data to prevent it from leaking. But the Supreme Court had granted DOGE members “unfettered” access to Social Security data last summer, though that did not apply to outside contractors.
... continue reading